Exhibit A 
1 tzlbacl4 . sql 



$Header: tzlasOl.sql ... 



REMARK >>>> Set System Variables For Current SQLPlus Session <<<< 

SET FEEDBACK 1 

SET NUMWIDTH 10 

SET PAGESIZE 24 

SET LINESIZE 80 

SET TRIMSPOOL ON 

SET TAB OFF 

SET DEFINE ,A ' 

SET ECHO ON 

CONNECT LBACS YS / LBACSYS 
-- Create two SA policies 

EXECUTE SA_SYSDBA. CREATEJPOLICY ( 1 SA1 ' , ' SAl_COL ' , ' ALL_CONTROL ' ) ; 
EXECUTE SA_S YSDBA . CREATE_POL I C Y ( 1 SA2 ' , ' SA2_COL » , ■ NO__CONTROL « ) ; 

-- Initialize PUBLIC labels for them 

EXECUTE SA_LABELS . CREATE_LEVEL ( 1 SA1 ' , 0 , ' PUBLIC ' , 1 PUBLIC Level » ) ; 
EXECUTE SA_LABELS . CREATE_LEVEL ( ' SA2 1 , 0 , * PUBLIC ' , ' PUBLIC Level ' ) ; 

EXECUTE SA_LABEL_ADMIN. CREATEJLABEL ( ' sal ' , 10, 'public ' ) ; 
EXECUTE SA_LABEL_ADMIN.CREATE_LABEL ( ' sa2 ' , 10, 'public' ) ; 

-- Setup some labels for policy SA1 

EXECUTE SA_LABELS . CREATE_LEVEL ( ' sal ' , 10 , ' c • , ' confidential » ) ; 
EXECUTE SA_LABELS . CREATE_LEVEL ( » sal ' , 2 0 , ' s 1 , ' SECRET 1 ) ; 
EXECUTE SA_LABELS . CREATE _LEVEL ( 'sal' ,30, 'ts ' , 1 Top Secret ' ) ; 

EXECUTE SA_LABELS . CREATE_COMPARTMENT ('sal', 5, 'A', ' ALPHA ' ) ; 
EXECUTE SA_LABELS . CREATE_COMPARTMENT ( ' sal 1 , 10 , ' b ' , ' beta ' ) ; 

EXECUTE SA_LABELS . CREATE_GROUP ('sal', 5, 'Gl',' group 1 ' ) ; 
EXECUTE SA_LABELS . CREATE_GROUP ( » sal ' , 51 , 1 G2 1 , ' group 2 ' , ' Gl ' ) ; 
EXECUTE SA_LABELS . CREATE_GROUP ( ' sal 1 , 52 , • G3 ' , ' group 3 ' , • Gl ' ) ; 

EXECUTE SA_LABEL_ADMIN. CREATE_LABEL ( 1 sal ' , 2 00 , ' c ' ) ; 
EXECUTE SA_LABEL_ADMIN . CREATE__LABEL ( ' sal », 225,'c:b,a'); 
EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal ' , 2 10 , ' C : a ' ) ; 
EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal ■ , 2 05 , ' c : : g2 ' ) ; 
EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal ' , 300, ' S ' ) ; 
EXECUTE SA__LABEL_ADMIN. CREATE_LABEL ( ' sal ' , 310 , ' S : a ' ) ; 

-- Generate some labels 

SELECT LAB E L_TO_CHAR ( TO_SA_LABEL ( ' sal « , ' c : a : gl ' ) ) FROM DUAL; 
SELECT LABEL_TO_CHAR ( TO__S A_LABEL ( ' sal ' , * s : a , b ' ) ) FROM DUAL ; 
SELECT LAB E L__TO_CHAR (TO_SA_LABEL ( ' sal ' , 'public : a :gl 1 ) ) FROM DUAL; 

COL POL I C Y_NAME FORMAT A15 

COL LABEL FORMAT A2 0 

SELECT * FROM DBA SA LABELS; 



col labelvalue format a2 0 
col policy_name format alO 
SELECT * from dba_sa_labels ; 

Set user labels 
EXECUTE SA_USER_ADMIN . SET_LEVELS ( ' sal 1 , ' scott ' , ' S 1 , ' C 1 ) ; 
EXECUTE SA_USER_ADMIN. SET_COMPARTMENTS ( » sal 1 , ' scott ' , 1 a, b ' ) ; 
EXECUTE S A_US E R_ADM I N . SET_GROUPS ( » sal ■ , ' scott ' , » Gl ' ) ; 
SELECT * FROM dba_sa_user_levels ORDER BY policy_name, user_name; 
SELECT * FROM dba_sa_user_compartments ORDER BY policy__name, user_name; 
SELECT * fROM dba_sa_use regroups ORDER BY policy_name, user_name; 

-- Look at session labels 
CONNECT scott/tiger 

create or replace FUNCTION get_list (pol IN VARCHAR2) 
RETURN VARCHAR2 IS 

test_list lbacsys . lbac_label_list ; 
begin 

test_list : =lbac_session. ef f ective_labels (pol) ; 

RETURN label_list_to_named_char (test_list , 'effective') ; 
END; 
/ 

select get_list ( ' sal 1 ) from dual; 
select get_list ( ' sa2 ' ) from dual; 



